Typical SharePoint scenarios involves internal use (Intranet). But what happens when you want to use it externally? We ran across this situation recently. A client of ours wanted to securely grant access to their Intranet to a select group of outside salespeople

The solution was to extend their Web application. Extending the Web application allows you to use an alternate FQDN and port to display existing SharePoint content. This is very useful for extranet applications or to grant external access to Intranet sites.

In this example, we are going to make an internal SharePoint application accessible over the Internet by extending it using https protocol and SSL.

To begin, make sure you back up the site/server first, then go to central administration –>  application management –> manage Web applications

Select the internal Web site that you wish to extend and click on the extend button.

image

Select new IIS site (1), the give your site a freindly name (2) and in the host header section (3), enter your site’s FQDN that will be accessible via the public Internet. Disable anonymous access (4) and enable SSL (5).

image

In the public URL section, select extranet zone.

image

Click Ok to extend the site. Once extended, you shoul see the URL in the alternate access mappings.

image

Open IIS7 and you will find the site there as well.

image

Creating an HTTPS Site using SSL Certificates

You can use a private or public certificae. In this example we will go with a public. Select server certificates from the IIS page.

image

Click on the create certificate request link. Enter the site’s public URL in the common name and fill out the rest of the details.

image

Select Microsoft RSA cryptographic Provider and a bit length.

image

Give the file a friendly name and export it.

image

There are several public certificate authotities you can use, for this example I will use ssls.com. You don’t need anything fancy for this, just a basic single domain SSL will suffice.

image

Once you purchase the SSL certificate and activate it, you will need to enter the CSR.

Copy the entire text file from the CSR you saved..

image

And paste in into the CSR dialog box in the SSLS CSR page.

image

The CSR will contain the public FQDN for your Extranet site.

image

Select the option to receive a validation by email and select a valid email address inside the domain. You will receive an email asking you to validate the domain by copying and pasting a code into a Web site. Once this is done, your SSL certificate will be issued and you will notified by email. After you are notified, go back to SSLS and download the certificate.

image

Right click on the certificate to extract the cert from the zip file. Then, click on the complete certificate request link in your IIS action pane.

image

Navigate to the extracted files and make sure your filename wildcard (1) is set to all files *.* and locate the certificate file ending in .crt (2).

image

Give your SSL a friendly name and import the private key.

image

Select the IIS7 Web site and click on the bindings link from the action pane.

image

Highlight the https type and click on the edit button. from the SSL certificate drop down box, select the certificate you just created.

image

The final piece is to open port 443 on your firewall and forward it to your SharePoint server.

Leave a comment

Your email address will not be published. Required fields are marked *